74rku5 (He/Him)
@74rku5.bsky.social
Dad, Fur dad, neurodivergent, SecEng strong man, a supporter of the less-privileged, foodie, and generous giver of free hugs.

https://security-spectrum.com/
I’ve shut my Twitter account. It feels weird. That took a long time to build up.
March 23, 2025 at 3:29 AM
In job searching, does a cover letter make a big difference?
March 23, 2025 at 3:28 AM
How do we know ATS is really helping the hiring process? How do you verify you’re truly looking at the best candidates? If you only look at the resumes that passed, you’re still looking at only resumes. Interviewing everyone doesn’t scale. I don’t know how to solve this.
March 16, 2025 at 6:51 PM
Remember the mob show when the restaurant was fire bombed and the mob showed up and said, “we’re so sorry this happened. Give me the back table whenever I want, feed my family for free, and pay $300 a week, and those jerks won’t bother you ever again.” The mob boss played it like a chess champion.
March 2, 2025 at 7:54 PM
Everyone knows there can be friction between development of the product and ensuring security of the product. It's the CTO vs. Security. How do we get this right? I'm asking for a friend. Oh, and I'm also calling out some best-in-class engineers.
How Do We Fix the CTO/Security Friction?
CTOs often prioritize rapid development and functionality over security, treating it as a speed bump. However, neglecting insider threats and compliance can lead to catastrophic failures. Security must be seen as essential "brakes" that empower organizations to navigate risks effectively while enabling growth. The challenge lies in convincing leadership to embrace this critical balance.
security-spectrum.com
January 21, 2025 at 3:05 PM
I’ve recently been asked my opinion on Exposure Management Software. I didn’t know what that was, as I’ve never heard the term before. What dark hell is some marketing firm concocting here? #infosec #vulnscans #thenextzerotrust
December 13, 2024 at 4:47 PM
My oldest son has been playing around with my didgeridoos for the past few days, and he's starting to get the hang of it. He and I made a quick recording of us both playing for his friends and an hour later, I realized I was droning with my son. Unknown source of joy for me!
December 12, 2024 at 6:29 AM
It's important to find and surround yourself with people who let you know it doesn't matter how weird (unique?) you are -- you're still perfect and worth the universe.
December 12, 2024 at 6:18 AM
A dear friend of mine who is a recruiter shared something with me I wanted to pass along. If you are open to relocation, you should put on your resume, at the top, I'm interested in relocating to $city_where_the_job_is_located. Don't say open to, or willing to relocate. Say you are interested.
December 3, 2024 at 5:51 AM
Third post on Executive Perspectives on reporting security to the top. This one is on legal, the advantages, and things that make this relationship unique.
Executive Perspectives Pt 3: Reporting to Legal
This post discusses the dynamics of reporting lines in security, specifically through legal channels. Reporting to legal grants direct access to the CEO but may narrow focus to regulatory concerns, resembling internal audit duties. Leveraging legal compliance enhances security without neglecting broader obligations. Engaging legal counsel supports effective security posture and data protection.
security-spectrum.com
December 2, 2024 at 3:23 PM
284 applications have been submitted this time. I've had a couple dozen automated 'no's. I've had a handful of screening interviews, two second interviews, and one third. I have two leads that are still warm. I've opened myself to relocation this time, and it's a good thing I have. Nothing in Utah.
Alt: It's a numbers game
media.tenor.com
December 1, 2024 at 6:08 AM
I was set up to fail from the beginning. I was never going to be able to make significant improvements. They weren’t going to take action, no matter what they assured me of in my interviews.

So I’m looking. Has this happened to any of you? (7/7)
November 19, 2024 at 4:13 AM
They let me go, and I was flummoxed. I texted my team to let them know. They flipped. It made no sense to anyone. Then the weekend came and on Monday we figured it out. The two managers over product and infrastructure were made managers over security. And suddenly the vulns were deprioritized. (6/?)
November 19, 2024 at 4:12 AM
We were addressing an event and I was a few minutes late for my 1:1. I Slacked my boss to let him know. When I finally joined, I heard him say, “OK, here he is, we can get started.” My stomach dropped. HR was on the Zoom, and I was told that I failed to achieve what I had been hired to do. (5/?)
November 19, 2024 at 4:09 AM
I said, “This is why I’m coming to you now. We need to plan, not take over. We need to fit some remediation based on risk criticality.” We were also knee-deep in audit prep for ISO 27K and SOC. It was like pulling teeth for support. And then, we were addressing an event (4/?)
November 19, 2024 at 4:07 AM
We then hired an infrastructure security engineer, and he started getting Wiz properly configured. We then started looking at vulns in the cloud and what started showing up in the product. I said, “We need to start planning on remediation time in the upcoming sprints.” “We don’t have time.” (3/?)
November 19, 2024 at 4:04 AM
Things looked hopeful and we started making progress. After a few months I was green lit to hire for a few positions. Maybe you saw my videos on LI? We hired AppSec, after seven months of having the role open. Seven. I found at least five great candidates, but the CTO kept shooting them down (2/?)
November 19, 2024 at 4:01 AM
Ok, I just realized I can safely vent about my last job here. Ugh. I was hired in December. I was the fourth director of security in the year. The team was beaten up, frustrated, mistrusting, etc. They were also pretty junior. Things looked hopeful, (1/?)
November 19, 2024 at 3:59 AM
I’m hearing that Bluesky is taking off. Welcome to all the new people. Please don’t light the dumpsters on fire here, please.
November 19, 2024 at 3:56 AM
The radiators have arrived. #computerbuild
September 5, 2024 at 12:48 PM
This is my number four, wearing a shirt as old as him.
September 5, 2024 at 12:44 PM
Didn’t go to Hacker Summer Camp. Still got Covid. #hackersummercamp #blackhat #bsidesvegas #defcon
ALT: Sick Duck GIF
media.tenor.com
August 7, 2024 at 4:48 AM
@tuckingfypos.bsky.social love your little tool kits. Very well organized.
August 7, 2024 at 4:27 AM